MPLS VPN

Release Notes for Cisco VPN Solutions Center: MPLS Solution 1.
2
The information in this Release Notes for Cisco VPN Solutions Center: MPLS Solution 1.2 document supersedes all information in the documentation set for Cisco VPN Solutions Center: MPLS Solution, referred to as MPLS VPN Solution.
Note
Please read this document prior to reading any other manual for Cisco VPN Solutions Center: MPLS Solution.
Contents
The information in this release note is organized into the following sections:

Contents, page 1 Materials Included in Packaging, page 2 Introduction, page 2 What Is New in Release 1.2 of MPLS VPN Solution, page 3 System Recommendations, page 7 Time Zones for NetFlow Collection, page 9 Task API Usage: TaskFactory::createGetSLAData() Operation, page 9 Problems Fixed Since Cisco VPN Solutions Center: MPLS Solution Release 1.1, page 9 Known Problems in Cisco VPN Solutions Center: MPLS Solution Release 1.2, page 12 Cisco Connection Online, page 31 Documentation CD-ROM, page 32
Corporate Headquarters:
Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA
Copyright 2000. Cisco Systems, Inc. All rights reserved.
78-10944-01
Materials Included in Packaging
Materials Included in Packaging

The materials included in the product box are as follows:

Cisco VPN Solutions Center: MPLS Solution CD (Part Number: 80-5479) Documentation Road Map for Cisco VPN Solutions Center: MPLS Solution 1.2 (Part Number: 78-11110) Release Notes for Cisco VPN Solutions Center: MPLS Solution 1.2 (Part Number: 78-10944) Cisco VPN Solutions Center: MPLS Solution Installation Guide (Part Number: 78-10549) Cisco VPN Solutions Center: MPLS Solution Provisioning and Operations Guide (Part Number: 78-11367) Cisco VPN Solutions Center: MPLS Solution User Reference (Part Number: 78-10945)
Additionally, the product includes the Cisco IP Manager product, which includes the following components:

Cisco IP Manager CD (Part Number: 80-4862) Cisco IP Manager Lite 2.0 Release Notes (Part Number: 78-7205) Cisco IP Manager (Lite) Users Guide, Version 2.0 (Part Number: 78-10298)
Note
The MPLS VPN Solution product includes only the capability to automatically upload and download router configurations through Cisco IP Manager. To use any other Cisco IP Manager features, including the Graphical User Interface and Templates, you must use a separately installed and licensed Cisco IP Manager system. To obtain a fully-featured Cisco IP Manager, please contact your Cisco Sales Representative. If you order a Cisco VPN Solutions Center: MPLS Solution API upgrade, you will receive the following:

Release Notes for Cisco VPN Solutions Center: MPLS Solution 1.2 (Part Number: 78-10944) Cisco VPN Solutions Center: MPLS Solution API Programmer Guide (Part Number: 78-7124) Cisco VPN Solutions Center: MPLS Solution API Programmer Reference (Part Number: 78-11100)
Introduction
Effective operations management is one of the most important success factors for the Service Provider business. Cisco VPN Solutions Center: Multi Protocol Label Switching (MPLS) Solution, referred to as MPLS VPN Solution, is part of operations management tools. MPLS VPN Solution is the provisioning and network management solution for MPLS VPNs. Service Provider MPLS VPN networks present new challenges to the provisioning of network services. The Service Provider must be able to share bandwidth among customers while simultaneously ensuring that the network reliability and security remain at the same level as private leased lines. To effectively meet these requirements, network architecture, deployment, roll out, and operational support procedures must be well planned and defined. MPLS VPN Solution enables the Service Provider to effectively manage and maintain the integrity of the network.
Release Notes for Cisco VPN Solutions Center: MPLS Solution 1.2
78-10944-01
What Is New in Release 1.2 of MPLS VPN Solution
MPLS VPN Solution runs on a Sun Microsystems Solaris platform, Release 2.6. The setup function allows you to create targets from router configurations and define the Provider Administrative Domain, customers, and VPNs. MPLS VPN Solution is a service management system that allows service operators to use wizards to enter the requested service-related information. MPLS VPN Solution has an audit function that monitors and reports the current state of a VPN service request over its lifetime and the reasons why the service request is in its current state. MPLS VPN Solution provides collection tasks and reports for accounting and Service Level Agreements (SLAs).

The following topics (listed alphabetically) are new or the implementation was changed dramatically from Release 1.1 to this Release 1.2:

Accounting Enhancement, page 3 Auditing Enhancements, page 3 Documentation Additions, page 4 Event Subscription Service, page 4 Find Function, page 4 Formatting of Error Logs for Programmatic Parsing, page 5 Interface Statistics Collection for Cisco Routers, page 5 Provisioning Enhancements, page 5 Repository Journal, page 6 Task Name and Network Name Enhancements, page 6 View Data Report, page 7 User Login Protection for Both VPN Console and CORBA API, page 7 XML Formatted Reports, page 7
Accounting Enhancement
NetFlow data flows that span hourly boundaries are now prorated into both hourly bins for improved accuracy.
Note
Accounting data collected and aggregated in Release 1.1 is not compatible with the new format in Release 1.2. The new format more accurately specifies data distribution when collection does not occur on hourly boundaries.
Auditing Enhancements
The system now audits the PEs and CEs for the newly-added Open Shortest Path First (OSPF) routing protocol. Additionally, the system now audits the uBR 7246 PE and the new interface encapsulation type, Frame Relay IETF.
Release Notes for Cisco VPN Solutions Center: MPLS Solution 1.2 78-10944-01
Documentation Additions
In addition to updating the Release 1.1 documentation set to add the new features for Release 1.2, the following are new documents for Release 1.2:

API Programmer Guide Documentation Road Map
API Programmer Guide

The Cisco VPN Solutions Center: MPLS Solution API Programmer Guide describes the programmatic concepts that are supported by the accompanying CORBA IDL-based APIs. This manual gives a generic, not language-specific, description of how to use the API features when implementing MPLS VPN Solution features in third-party source code. This release of this manual gives special attention to the description of Event Subscription Service, a new feature.
Documentation Road Map

The new Documentation Road Map for Cisco VPN Solutions Center: MPLS Solution 1.2 describes resources to help you find information about the product. It lists the documents that are in the MPLS VPN Solution documentation set and presents high-level summaries of their contents.
Event Subscription Service

The Event Subscription Service (ESS) is an event-notification scheme (for client-application developers) with which to track specific events that may be of interest to users of their client applications. Using the ESS, client-application developers can support real-time response to system events, local caching of system data, and synchronization of one or more tasks to create a process flow. During normal execution, the Cisco VPN Solutions Center software publishes events:

each time an object is created, modified, or destroyed in any of the four VPN Solutions Center repositories each time a scheduled task begins or ends its execution when a Watchdog event signals a change in execution status for a VPN Solutions Center server.
Each event identifies the associated element, task, or server and provides information corresponding to the event type.
Find Function
A search mechanism is now available with the implementation of the new Find menu task bar. The Find options are:

Find Network Find VPN Provider Find Provider Region Find VPN Customer
78-10944-01
Find Customer Site Find VPN.
When you enter any part of the name of an item, a search occurs for the first match. The node is expanded (if not already expanded), and the found item is highlighted. Subsequent searches are available with the Find Next feature.
Formatting of Error Logs for Programmatic Parsing

Task logs are now written in an Extensible Markup Language (XML) format with Document Type Definition (DTD). The XML format and grammar facilitate parsing and incorporation into third-party client-application software. Third-party users now have programmatic access to task logs because the information is in XML format and includes a DTD. The format and grammar enables a programmatic parse.
Interface Statistics Collection for Cisco Routers

The system now collects traffic data per interface for one or more Cisco routers. Data is collected from the MIB2 interface table.
Provisioning Enhancements
The provisioning enhancements are listed alphabetically, as follows:

Boolean Switch Additions Cable Interface Support CE and PE Subinterfaces Configurable with Frame Relay IETF Encapsulation, page 6 Hardware Support, page 6 Local Management Interface (LMI) Type Selection, page 6 Routing Protocol Addition (OSPF), page 6 Unique Route Distinguisher Assignment Across PEs, page 6 VRF and RD Assignment Manually Overridden, page 6.
Boolean Switch Additions

The PE selection panel has new check boxes for the following decisions:

redistribute connected or not (into BGP only) redistribute static or not (into BGP, OSPF, or RIP only) interface to be provisioned shutdown or not.
Cable Interface Support

The interface selection panel now contains a new Cable interface type to support the uBR 7246 platform.
CE and PE Subinterfaces Configurable with Frame Relay IETF Encapsulation

The interface selection panel now contains a new Frame Relay IETF encapsulation type.
Hardware Support
VPNSC now supports the following hardware:

uBR 7246 (cable) Cisco 6400-Network Route Processor (NRP) as a PE.
Local Management Interface (LMI) Type Selection

To set the LMI type, enter the information in the csm.properties file for the CVPIM server.
Routing Protocol Addition (OSPF)

The OSPF routing protocol is now supported for PEs and CEs.
Unique Route Distinguisher Assignment Across PEs

Load balancing can be enabled by assigning a different Route Distinguisher (RD) value to the same VPN routing/forwarding instance (VRF) across PEs.
VRF and RD Assignment Manually Overridden

The system automatically creates a VRF and the RD, but now you can manually override these designations by enabling the feature in the csm.properties file.
Repository Journal
The journal server listens to all Repository events and saves them into journal files. The journal server also archives the journal files periodically.
Task Name and Network Name Enhancements

Before storing a task, the last thirty existing task names for the specific task type are now visible. This facilitates the creation of unique task names and the adherence to the existing task naming conventions. When creating targets from router configuration files, the existing network names are now listed for selection, in addition to continuing to allow you to enter a new network name.
78-10944-01
System Recommendations
User Login Protection for Both VPN Console and CORBA API
You must now log in when starting the VPN Console. The super user can create multiple user accounts with different user names and passwords. All accounts access all information, except the super user who is the only user with access to the user administration tool. The password length must be at least eight characters with one nonalphanumeric character. Details of usage of valid and invalid user names and passwords are logged to a specific log file specified in the csm.properties file. After three unsuccessful login attempts, the GUI part of the system is shut down.
View Data Report

When viewing data reports, you can now view:

By Device By Network By Dataset Type (with numerous choices).
XML Formatted Reports

Performance data is collected periodically and aggregated and saved into the Repository. Historically, the data was retrieved through a set of APIs or viewed through a set of customized reports. However, the amount of performance data collected and saved is large, therefore affecting the data-retrieval speed. To expedite the data extraction and to avoid overcustomization of the reports, web-based Data Query Tools are included in this release. The performance data retrieved by the query is saved to a file in XML format and includes a Document Type Definition (DTD). The following are the types of data:

SLA Definitions SA Agent Data Accounting, both detailed statistics and a summary CAR MIB Interface Statistics.
The system recommendations are explained in the following categories:

MPLS VPN Solution System Recommendations Cisco IP Manager (CIPM) (Lite) Version 2 Recommendations Other System Recommendations
MPLS VPN Solution System Recommendations

The following are the system recommendations for MPLS VPN Solution:
For the workstation recommendations, see Table 1.

Workstation Recommendations for MPLS VPN Solution
Table 1
Number of CEs Up to 500 500 to 1,500
Workstation Minimum: Ultra 60 (1 CPU) For Growth: Enterprise 250 (2 CPUs) Minimum: Ultra 60 (2 CPUs) For Growth: Enterprise 250 (2 CPUs)
RAM 1 GB 1 GB 1 GB
Disk Space 20+ GB 20+ GB 20+ GB
1,500 to more than 3,000 Enterprise 450 (4 CPUs)
Note
The 20+ GB disk space recommendation in Table 1 is only required when NetFlow collection is being used. Otherwise, the standard hard disk that comes with the system is sufficient.
Solaris 2.6 with recommended patches.
Note
When you install Solaris 2.6, be sure to choose either the Developer System Support or the Entire Distribution software groups. Do not choose the End User System software group. The Developer System Support and Entire Distribution software groups contain the software required for a correct operating system installation (such as the SUNWbtool and SUNWsprot packages).
CD-ROM drive. The product is installed from a CD-ROM.
Cisco IP Manager (CIPM) (Lite) Version 2 Recommendations

Prior to installing the MPLS VPN Solution, you must install Cisco IP Manager (CIPM) (Lite) Version 2.0(40), which is bundled with this product. This is a requirement because it is the element manager for MPLS VPN Solution.
Note
You must install CIPM on a separate machine from where you will install the MPLS VPN Solution software. For information on how to install CIPM, refer to the Cisco IP Manager (Lite) Users Guide: Version 2.0 distributed with the product. The recommendations for the workstation on which you are installing CIPM are as follows:

Minimum of Ultra 60 (1 processor) workstation with 512 MB RAM and 10 GB disk space Oracle 8.0.5 Enterprise license and installation
78-10944-01
Time Zones for NetFlow Collection
Other System Recommendations

In addition to the MPLS VPN Solution and CIPM system requirements, the following is needed:
For NetFlow accounting data, install NetFlow Collector 3.0 on a workstation that is separate from both the MPLS VPN Solution workstation and the CIPM workstation. The minimum recommendation for this workstation is an Ultra 1with 256 MB RAM and 20+ GB disk space.
Note
The recommendation is that one NetFlow workstation be located on a LAN connected directly to each PE.
Web Browser: Netscape 4.5 or later is recommended.
Note
The Web Browser is specified during installation and in the csm.properties file.
For PEs: Cisco IOS 12.0(5)T or later, using the Service Provider feature set. However, the recommendation is 12.0(7)T or later. For Inter-Switch Link (ISL) between the PE and CE, the Enterprise feature set is required. For CEs: Cisco IOS 11.1 or later. However, to include Service Assurance Agent (SA Agent) support, use 12.0(5)T or later, using the IP feature set (i-train).
Time Zones for NetFlow Collection

Be sure that all devices from which data is being collected are synchronized. For NetFlow collection, this means that not only does the MPLS VPN Solution system need to be synchronized to the NetFlow Collector, but that the PE routers must also be set to the same time and time zone. Otherwise, data will not be displayed or will be inaccurately displayed based on the routers time stamp embedded in the data.
Task API Usage: TaskFactory::createGetSLAData() Operation

For this release, use the GUI interface (refer to the section Provision SLA Definitions and Collect SLA Data in the Cisco VPN Solutions Center: MPLS Solution User Reference) to create, collect, and delete Service Level Agreements (SLAs).
Problems Fixed Since Cisco VPN Solutions Center: MPLS Solution Release 1.1
The problems fixed since Release 1.1 are presented numerically in the following categories:

Installation, page 10 Provisioning, page 10 Graphical User Interface, page 10 Collection, page 11
API, page 12 Other, page 12.
Installation
CSCdp97748 - Mismatch of free space requirement value while installing. CSCdr10555 - Installation additionally requires patch 105210-27.
Provisioning
CSCdm26888 - Better IP address validation required - for example, in static route dialogs. CSCdm33817 - Incompatible PE/CE AS numbers can be entered during provisioning. CSCdm84614 - Missing detail on Duplicate/Overlapping IP address pools. CSCdp20904 - Change address pools before pool ends. CSCdp75263 - Service Request removal not complete. CSCdp77431 - OSPF cost command in configlet. CSCdp78396 - Able to create Service Request using major interface when Service Request exists with subinterface. CSCdp82709 - wdperf stops and restarts while creating Service Requests through APIs. CSCdp86726 - Audit fails after modifying Service Request to remove extra CE loopback. CSCdr01859 - Could not delete Numbered address pool from region. CSCdr06645 - Audit not catching multiple access-list numbers in route-map. CSCdr07338 - Audit should fail for extra set extended community values in route-map. CSCdr07633 - Missing IP Route error while auditing Numbered to Unnumbered CSCdr48910 - When executing a Populate Interface task, the task status reports successful even if errors occurred. CSCdr51024 - Unable to deploy Service Request that is a member of greymgt.vpn, if ACL 99 and ACL 1300 exist. CSCdr56315 - Need APIs to set retry and timeout values. CSCdr74988 - A core dump occurs when the Management VPN is deployed on an ATM interface between the MPE and MCE.
Graphical User Interface

CSCdp07284 - VPN Console does not refresh network list after using CIPMObjSync CSCdp36236 - wdgui updates incorrect row after resorting. CSCdp36737 - User confirmation must be mandatory for deletion of IP address. CSCdp41213 - Incorrect DISPLAY variable gives misleading error message. CSCdp43659 - Small memory leak in Scheduler process. CSCdp67116 - Tasks do not always start at scheduled time.
10
78-10944-01
CSCdp80771 - Default window size too short for SLA annual report. CSCdp91271 - Java Exception during Edit Target. CSCdp97877 - Java Exception during Delete SLA. CSCdr00497 - Passwords should not be displayed by default in the network window CSCdr07871 - In the SLA Annual Summary Report, the Min delay is always 0. CSCdr11982 - BGP AS# editing should be allowed while creating new Provider Administrative Domain. CSCdr12807 - Modify of LAN Service Request blanks out PE and CE IP address. CSCdr12843 - Modify of Service Request with static and advertised routes blanks out the advertised routes on the CE. CSCdr14039 - Two targets with the same name can be created under same network. CSCdr15342 - Export Map field should be inactive when CE joins Management VPN. CSCdr22554 - Hard to recognize the express key for the Jitter Report. CSCdr22570 - Menu item for some reports should not be plural. CSCdr22590 - m1 directory still displayed with debug turned off. CSCdr27722 - Remove the text, Launch Topology Views, from auditing report in the browser. CSCdr56022 - Purely numeric password should not be allowed. CSCdr56037 - Logged in User Name should be displayed in the VPN Console GUI.
Collection
CSCdp18885 - The Collect VPN Accounting logs need better error messages. CSCdp53863 - User must specify no ip domain lookup on the router. CSCdp76423 - wdperf needs to use the standard time format. CSCdp86958 - The error section of the task logs includes some debug numbers. CSCdp88029 - Current Burst never changes in CAR MIB reports. CSCdp99246 - After restoration of the Repository, Service Requests can not be modified. CSCdr03834 - Log Server restarting when loading 1.5 MB files. CSCdr21172 - SLA tasks fail when the local host is hard coded. CSCdr21660 - Trap catcher is not correctly picking up time zones. CSCdr22493 - CAR MIB task does not report/display SNMP errors in the browser status. CSCdr23300 - Accounting task does not report errors correctly in browser. CSCdr23349 - Accounting task does not report errors correctly in browser. CSCdr35762 - ArrayOutOfBoundsException occurs in Event Server. CSCdr35810 - Task completion status not being returned when task is finished. CSCdr79508 - SLA entries configured multiple times with 2.2.0 Round Trip Time MIB (IOS 12.1(2)T).
11
Known Problems in Cisco VPN Solutions Center: MPLS Solution Release 1.2
API
CSCdp66898 - /etc/init.d/tagvpn stop does not stop Orbix NS process. CSCdr06136 - VsmSRCreator should allow /32 only for InterfPECEIPUnnumbered. CSCdr06356 - VsmInterfaceEncapsulation:FrameRelay_IETF_encap - for FUTURE USE. CSCdr93394 - Domain name should not be required when creating a PE and a CE.
Other
CSCdm24333 - Installation Guide needs to explain how to display the VPN Console correctly. CSCdp47596 - VpnInvExport does not accept localhost as the Name Server. CSCdr22578 - Wrong information shows in csm.properties file. CSCdr69227 - grey_mgmt_vpn name in User Guide is wrong. CSCdr72168 - Version 1.1 patch 3 installation causes httpd to die. CSCdr73860 - The User Guide should recommend the BGP protocol as well as the RIP protocol for a Management VPN.
The known problems are presented numerically in the following categories:

Installation Provisioning, page 13 Graphical User Interface, page 16 Collection, page 23 API, page 26 Other, page 31
Installation
CSCdp95960 - VPN installation must check top binary permissions and untar demo repository The top binary that is installed in the unsupported directory must be owned by the group sys and setgid. This ownership must be checked or set during VPN installation. CSCdp99604 - Install script should allow user to continue if network is down Installer appears to be in a loop when trying to ping a host. Workaround: You can either wait for the network to come on line again or press Cntrl + C to restart the install from the beginning.
12
78-10944-01
Provisioning
CSCdm58306 - SelectIPAddress step in Add VPN service wizard needs more checks During the Add VPN Service to CE wizard, you may enter specific IP address information. While basic validation is done on the IP address, more sophisticated checks of the address are not done. For example, 0.0.0.0/0, 127.0.0.0/0, and 255.255.255.255/32 are all allowed. Workaround: You should manually check that the addresses being entered are correct. CSCdp14582 - It is difficult to purge a Service Request against an invalid device If you define, for example, a PE that is inaccessible and make a Service Request that refers to it, provisioning keeps the Service Request in Requested state, because upload will fail. However, if you try to get rid of the Service Request by performing a deletion, it also fails, staying in the Requested state, for the same reason. As a result, the Service Request cannot go to closed, and hence cannot be purged. Accumulating these bogs down the system, as each download attempt has to time out on access to the bad devices. It is also not possible to delete the invalid device, because there are Service Requests outstanding against it. Workaround: Any technique that arranges (temporary) access to a device can be used to clear up this corner case. For instance, temporarily pointing the PE Target parameters to some other device allows upload to proceed. If this is not possible, another workaround is to switch the system to ECHO mode, clear the bad request in that mode, and reset to regular (CIPM) mode. CSCdp82730 - Time not displayed for the first 3001 Service Requests on the Service Request list When 20,000 Service Requests were created through the API, for the first 3001 Service Requests, the 'Created At' and the 'Last State Change' columns do not show the time when that event took place. Instead, the message 'Not Available' is seen on these two columns. The remainder of the Service Requests are fine. CSCdp94405 - VPNSC: template and neighbor x.x.x.x update-source <int> Neighbor x.x.x.x is not correctly treated if we have to redeploy a service where a template was used. The problem only occurs for neighbor x.x.x.x update-source under the address-family. CSCdp96976 - Multiple subsumption of invalid requests are handled incorrectly When an invalid Service Request is subsumed by a Service Request and goes invalid, the subsequent subsumption by a Service Request does not behave correctly in the provisioning engine. The delete Service Request contains the parameters from the wrong Service Request. CSCdr36264 - Changing the router name from the CLI leads to a tftp 2007 error If the router hostname is changed through the router CLI and the hostname is not changed in VPNSC via the GUI, then a configuration download via Cisco IP Manager might fail. Workaround: Change the hostname in VPNSC via the GUI as well. CSCdr45541 - BGP static configuration - global static route to the CE loopback When selecting BGP as a protocol between the CE and the PE and selecting static as the redistributed protocol, the loopback0 on the CE is given a static route in the VRF table on the PE. This is okay except that MPLS VPN Solution also places the same static route outside the VRF table. Therefore, two static routes are created to the same loopback, one inside and one outside the VRF. Note: This only occurs with the BPG and static redistributed protocol.
13
CSCdr54038 - Modifying Frame Relay to Frame Relay-IETF causes new loopback generation on PE A new loopback is assigned when a modify Service Request deletes the subsumed Service Request and adds the new Service Request. In this process, the loopback is deleted and re-added. The loopback-picking algorithm picks a loopback number that is one greater than the greatest loopback configured on the router. This does not occur if there are other interfaces pointing to the loopback or the loopback in question has the greatest number on that router. Workaround: None. CSCdr69226 - Management VPN creation requires another VPN definition When the New Service Request wizard is invoked without creating at least one provider, one customer, and one VPN, an error message says that this wizard requires at least one provider, one customer, and one VPN to be created. This is as designed Workaround: Understand that when the message says at least one VPN must be created, the meaning is that at least one user-defined VPN must be created. CSCdr75079 - Management VPN Access List and route map changed when modifications were unrelated When modifying the same and only protocol within a router, the access list number is incremented by one. Workaround: Does not affect functionality. CSCdr89392 - Service Requests states broken due to Grey Management CE None found in prefix Audits using VPN Routing Information fail, causing Service Requests to go to the "Broken" state. This affects only those Service Requests for CEs that join the management VPN. The Service Request for the MCE is unaffected and moves to the "Functional" State. This occurs only when the MPE/MCE routing protocol selected is either Static or BGP, and when "Redistribute Connected" has not been selected. In versions prior to 1.2, "Redistribute Connected" was automatically generated in any configlet that contained the PE routing protocol configuration. In version 1.2, "Redistribute Connected" is user selectable in the Service Request wizard. Workaround: To avoid this scenario, "Redistribute Connected" should be selected when the MPE/MCE routing protocol selected is either Static or BGP. CSCdr95038 - PE-CE link for cable maintenance should not allow subinterface When provisioning a PE-CE link for a cable maintenance interface, the subinterface is fixed to cablex/x.1. The GUI allows selection of the subinterface, which is inaccurate. Workaround: None. CSCds01621 - Modifying OSPF process ID on CE should remove network statement When modifying the OSPF process ID on the CE device, the existing network statement is left intact in the original OSPF process, while the new OSPF process is configured with the original network statement. This is not a valid OSPF configuration. Workaround: Remove the current Service Request and create a new Service Request with the desired OSPF process ID.
14
78-10944-01
CSCds06438 - Need audit check for subnet keyword on redistributions for OSPF The Auditor does not currently check for the presence of the subnet keyword on redistributions within OSPF. If the "subnet" keyword is missing, the Service Request state should go to Lost, rather than staying in the Deployed state. Workaround: None. CSCds09933 - Service Request goes Invalid when using lower case c for cable interface Using lower case "c" for interface using Cable causes the Service Request to go "Invalid". Workaround: Use upper case "C" only for this interface. CSCds10840 - Audit for Static does not catch missing advertised route When provisioning using Static routing protocol and at least one advertised route, removing the static route does not cause the Service Request to go to the Lost state. The Service Request remains in the Deployed state. Workaround: None known at this time. CSCds11216 - Service Request modification to disjoin management VPN is missing command If a Service Request for a CE that has joined the Management VPN is modified to disjoin the Management VPN, not all commands are generated to remove the Management related configuration. The configlet generated for the modify Service Request does not contain the following: ip vrf <vrf_name> "no route-map grey_mgmt_vpn_<vrf_name> permit 10" All other portions of the Management VPN configuration are removed. Workaround: Service and functionality is not affected. The only workaround is to manually remove the export map statement from the VRF configuration on the router. CSCds11941 - Service Request for static fails to deploy with inconsistent address and mask When a Service Request is created with 'static' and 'Give Only default routes to CE' and provisioned, it fails to deploy with the message 'inconsistent address and mask'. Workaround: None.
15
Graphical User Interface

CSCdm13419 - Routers with same name can be assigned to same region, site To set up VPN customers and their sites or providers and their regions, you must assign routers to the sites or regions. The site and region panels then list the host names of the routers that have been assigned as CEs or PEs, respectively. Currently, the user interface allows you to assign routers with the same hostname (but different networks) to the same site or region. This can lead to confusion when viewing the list of CEs in a site or PEs in a region. For example, suppose there is a router called firewall in Network1 and a router called firewall in Network2. The product treats these as distinct and separate routers, because of the different network name, allowing you to add both of them as a CE to the same site, or as a PE to the same region. When you view the list of CEs, firewall appears twice. Workaround: Either have unique host names for the routers, even across Networks, or do not assign routers with the same hostname to the same region or site. CSCdm19511 - VPN Console hangs with fast <return> keystrokes In some cases in the VPN Console, if you type in quick successive Returns into text fields, you cause the VPN Console to hang. Workaround: Restart vpnconsole. CSCdm47030 - GetDuration, GetStartTime, and GetEndTime windows need validation While trying to collect the datasets from the NetFlow collector, GetDuration, GetStartTime, and GetEndTime windows are not validated. Workaround: None. CSCdm52106 - Schedule window too small in wizard The schedule step that appears in certain wizards may not show all the possible scheduling options because the window is too small. Workaround: Make the window larger. CSCdm56137 - Task status may show active after it completed In the task manager window, the status of a task may show as Active, even if the task has actually completed. Workaround: None. CSCdm59399 - VPN Console windows have bad sizing behavior under X emulators The VPN Console has shown bad sizing behavior when used with X emulators, such as XVision on Windows, NCD Xterminals, and Reflection X. Workaround: Resize the windows manually, if possible, or display to a Solaris workstation's display. CSCdm59856 - Icons may not be displayed in topology When using the topology, the icons may not display immediately. Workaround: Close the topology and re-open it.
16
78-10944-01
CSCdm61460 - Verification Report gives insufficient error information The Verification Report indicates: failure (Invalid enable level -1), when a serial connection failure actually occurred. Workaround: Verify that the serial connection is actually functioning. CSCdm65063 - Inconsistent behavior of modal windows in Admin Console The Admin Console window handling is inconsistent. For most modal windows, if an attempt is made to click outside the window, an audible beep is heard indicating that this is not allowed. However, if another nonmodal window is already displayed and a modal window is then opened, it is possible to click on the nonmodal and no beep is heard. Workaround: None. CSCdm78883 - Tools > Task Logs does not launch browser if not in $PATH The VPN Console attempts to launch a web browser for accessing certain functionality, for example, Task Logs and Audit Reports. If the web browser is not in the current PATH, it is not launched. This is in spite of the fact that the web browser may have been specified with a full, complete path during installation. Workaround: Edit the PATH to include the directory of the web browser. CSCdm80371 - Cursor does not appear in editable fields when using OpenLook Window Manager (olwm) When using the OLWM, the cursor does not appear in text fields in the VPN Console. Workaround: Change the window manager to Common Desktop Environment (CDE). CSCdm85670 - Target retries and timeout entry confusing The timeout value has an upper limit of 60 seconds. This is the timeout value used for each retry attempt to communicate to the router. CSCdm87862 - Editing a region may remove it from the region listing In some cases, when editing a region, the region may disappear from the Provider Administrative Domain's region list. The same thing may happen with the sites and customers. Workaround: Click Cancel on the Region window and the Provider window and re-open the provider and region windows. CSCdm91769 - Click in Traffic Summary Graph displays wrong tag/numbers The pie charts for the Accounting reports allow clicking on one of the wedges to see more information. In some cases, the numbers in the pie chart correspond to the wrong row in the tabular report. CSCdm91773 - Axis values in accounting charts incorrect The axis values in some of the accounting charts may be incorrect. CSCdp04528 - Failure to create a Provider Administrative Domain results in multiple error message windows Whenever creation of the Provider Administrative Domain fails, multiple failure message windows appear. Workaround: None. CSCdp04969 - Default route disappears when modifying a Service Request A problem occurs when modifying a Service Request that is using Static routing between the PE and CE. The default route specified in the original Service Request is no longer displayed. Workaround: Re-add the default route (0.0.0.0).
17
CSCdp06525 - Issues with topology - possible hang of VPN Console If you select Create a VPN from the topology and then perform another action such as a mouse click, within the GUI, the GUI might appear to hang. Workaround: Minimize windows until you find a modal dialog that is produced when trying to create a VPN. It may end up in the background if not addressed quickly. CSCdp13406 - Audit and Provisioning wizards get confused if run simultaneously Running the Add VPN to CE wizard and the Generate Audit Report wizard at the same time can get the two wizards into a confused state when the Back button is used. Using Back can return you to the previous screen in the other wizard. Workaround: Use only one wizard at a time. CSCdp14446 - Remove requests (re)scheduled by the task manager receive fatal error A Remove VPN Service Request that is re-deployed through the Task Manager, fails with a Task Log error message of FATAL ERROR. There are no Service Requests of type \VIRepGenericSrvcReq::SRObjTypeSRVC\. Workaround: Use the Provisioning > Deploy Service Request function to redeploy requests instead of rescheduling an existing task from the Task Manager. CSCdp16093 - Memory for applet limited by browser Not able to view audit reports from a browser due to browser's memory limit. Workaround: Manually increase memory from the Java control pane. Do not view multiple reports from the same browser simultaneously. CSCdp19379 - VPN Console hangs during refresh of Task Manager window The VPN Console can hang when using the Task Manager window. If this happens, you can start a new VPN Console process. Workaround: Use the drop-down menus from the main VPN Console window to start tasks instead of using the Task Manager. CSCdp25127 - Xclipboard functionality non-existent There is currently no way to copy text out of an MPLS VPN Solution window and paste it into another Xclient window. CSCdp33118 - Double-click on a chart pops to report Double-click on a chart brings the report forward and covers the chart. Workaround: None. No harm to the actual operation. CSCdp50127 - VPN Console window should close when the watchdog goes down VPN Console returns an error stating that an object could not be found in the database. Workaround: Close the VPN Console and re-open it. CSCdp54462 - GUI Refresh of VPN Inventory does not reread the Repository If the Raima utility initdb is used to clear out a database, then the Refresh functions in the VPN inventory of the VPN Console do not work. Workaround: Restart vpnconsole.
18
78-10944-01
CSCdp54481 - Refresh of Task Manager window does not reread the repository Tasks remain in the task manager GUI after the task database has been initialized and the GUI is refreshed. Workaround: Restart vpnconsole. CSCdp62988 - GUI hangs when modifying the repository during backup When a Repository backup is running, the database is write locked until the backup task completes. If you try to insert a new task into the repository while the backup is running, it fails. The VPN Console hung until the backup completed. Since a repository backup may take time, the VPN Console should not hang, but rather inform you that the database is currently write-locked. Workaround: Do not attempt to modify the repository while running a backup. CSCdp79910 - SA Agent Report gives no date selection The Monthly Report drop-down menu displays Connectivity, Max. Delay, and Threshold Violation as selectable items instead of a list of months or weeks, disallowing drilling down further by date. CSCdp85830 - Topology no longer appears in applet The topology views that were accessible in version 1.0 from the web browser as part of the Audit reports are no longer accessible from the web browser. Topology views are still accessible from the VPN Console. CSCdp86529 - GUI lists objects twice if refreshed during initial load Selecting Refresh on the VPN Inventory section in the GUI while it is still getting the object list results in the object tree being listed multiple times. Workaround: Be careful not to select Refresh at this time. CSCdp86843 - All VPN topology view is not scalable When you open the topologys All VPN view for a database that contains a large number of VPNs, the window that appears is not intuitive. Workaround: Select the VPN in question from the list in the hierarchy tree of the VPN Console window. Right mouse click and open the topology view on a smaller scale. CSCdp86884 - Adding a VPN through the topology and exiting before finishing causes errors If a Service Request is created from topology and is canceled before completion, it shows up in the left pane of the topology. Workaround: Do not use the topology to create Service Requests, use the wizard located in the VPN Console at Provisioning > Add VPN Service to CE. CSCdp86936 - The symmetric view of the topology needs to display names better Site names are difficult to read when viewing a repository that contains about 190 VPNs, when viewed in Symmetric Layout. Workaround: Select and open only individual VPNs or customers from the hierarchy tree of the VPN Console. CSCdr03591 - Java exception occurs when deleting Region When a PE or Region is being deleted by another user, it is difficult to read the error message, when moving through the Add VPN Service wizard. Workaround: None.
19
CSCdr17172 - Task logs not being deleted from tmp directory Logs are not deleted from the /tmp directory according to schedule. Workaround: Leave default configuration for csm.properties file as true, to clean up log files. CSCdr22854 - Task/deployment log - problem with the status message After execution of a provisioning request, the task status always indicates that the task completed successfully, even if errors occurred. Workaround: To determine the actual status of a provisioning request, do the following: 1) Click on the Log link for the corresponding task entry in the Task Log. 2) Click on the Deploy Service Request action in the lower left panel. 3) Check the status of the individual steps that make up the provisioning task in the bottom right panel. CSCdr27624 - Deleting a region does not check for associated PEs When you delete a region with PEs in it, no error message is displayed and the PEs are also deleted. Workaround: None. CSCdr42538 - Task API: Scheduled task name is not seen in the GUI The scheduled task name entered through the CORBA API is not displayed in the task manager GUI. Workaround: None. CSCdr51000 - Tab key stopped working after an error The Tab key and the period (.) key do not tab to the next field in the IP Address Pools window after an error occurs. Workaround: Use the mouse to set the focus to the required field. CSCdr52515 - Deletion of Region does not synchronize with its PEs When Delete the Region fails, the region remains in the left panel but the PEs under the region are removed. Workaround: None. CSCdr56337 - PE-CE provisioning if Change PE does not refresh interfaces In the interface selection step of the Service Request wizard, the list of interfaces are not refreshed if the PE selection is changed. Workaround: Exit the wizard and start a new wizard. CSCdr63519 - VPNSC hangs when you double-click on Edit in the Edit Customer site When you double-click on Edit in the Edit Customer site window, the application hangs. Workaround: The only way to execute is to stopwd, kill the existing jre, and startwd. CSCdr66294 - Java error when hitting space bar in Service Request report Sporadic Java error when hitting space bar in Service Request report. Workaround: Space bar is not needed for any Service Request action. Do not hit the space bar.
20
78-10944-01
CSCdr68917 - Tab key does not highlight the target field On both the General and Passwords panels of the Edit Multiple Targets panel, when you tab to the check mark boxes in front of each choice, there is no highlighted blue underline box like other click boxes such as for OK and Cancel.The cursor appears to have disappeared. When you tab to a check mark box, the box should be highlighted, dimmed, or underlined to show that the cursor is positioned at the box. Workaround: None. CSCdr76434 - Resizing some router picker windows becomes unusable If the Target Chooser window is resized smaller, the table size becomes too small and in some cases might become unusable. Workaround: Resize the Target Chooser window to a bigger size until the table size is restored to its original size. CSCdr83328 - Restore utility in Repository Administration does not start all the servers The Restore utility in Repository Administration shuts down and restarts all the servers. However, some servers fail to come up correctly and are therefore disabled. Additionally, if wdgui was running when the servers were restarted, it no longer displays the correct status for all servers. Workaround: After performing a Restore, be sure to close all instances of wdgui and vpnconsole. Then restart VPNSC by performing a stopwd -y followed by a startwd. CSCdr86364 - Tool tip displays version 1.1 in the browser Instead of version 1.2 being displayed, version 1.1 is displayed. Workaround: Understand that this is version 1.2 not version 1.1. CSCdr90221 - View data report unable to access traffic data Currently the View Data Report is unable to display data with the catalog type Traffic Data. When attempting to do so, the resulting pane is empty. Workaround: None. CSCdr92268 - Network combo-box not displaying default when opened The combo box feature is not functioning correctly for the "New Target" window. Workaround: None; no known impact. CSCdr92346 - Do not enter spaces in data-entry fields of GUI GUI inappropriately allows trailing spaces after task and target names. Workaround: Do not put trailing spaces when entering names into the GUI. CSCdr92352 - Cable provision GUI needs to disable CE ip address options When provisioning cable interfaces, the CE interface field in the SelectIPAddress step in the Service Request wizard is enabled even though you do not need to enter the CE interface address. Workaround: None. You do not need to enter the IP address CSCdr92550 - Create works as Edit if the user already exists While creating a new user through the user administration facility of the tool, if an attempt is made to create a second user with the same name, no error message is given. Instead, the tool modifies the details of the existing user. Workaround: Create unique user names while creating new users.
21
CSCdr92734 - PE to CE provision screen accepts different IP network address When creating PE to CE links, the GUI allows the PE and CE IP addresses to be in different networks. Workaround: None. CSCdr93603 - Delete region create deadlock when Provider Administrative Domain has only one region When trying to delete a Region, a deadlock occurs when the Provider Administrative Domain contains only one Region under it. Workaround: a) Instead of deleting the Region, modify the existing one. b) Delete the Region from the hierarchical pane (on the left side), instead of deleting it from the Edit PAD window. In this way, no error or deadlock occurs. CSCdr94757 - Print report: changing file extension converts name to lower case When printing SLA reports to a file, uppercase characters within the file pathname are permanently converted to lowercase when the output format (PS, TEXT, CSV, HTML, and so on) is changed. CSCdr95645 - Print report to file: no warning if directory does not exist When printing SLA reports to a file, there is no warning if the directory does not exist. Printing the report fails, but no warning is sent. CSCdr96786 - OSPF redistribution fails on CE when OSPF is the selected protocol Currently, when OSPF is selected as the PE/CE routing protocol, it is not possible to select OSPF redistribution on the CE in the RedistProtocols window of the add or modify Service Request wizard. This should be allowed, since it is possible to redistribute a different/existing OSPF process into the OSPF process VPNSC is provisioning. Workaround: Manually configure redistribution if required. CSCds00560 - Inaccurate error message when creating SLA task through the GUI Start with a clean Repository and create a framework. At this stage, there is no service request created. Then use the menu task bar, Monitoring > Provision SLA Definitions and Collect SLA Data to create and schedule an SLA. An error message results: There are no SA Agent customer edge (CE) routers associated with a VPN. Please associate at least one SA Agent customer edge (CE) router with a VPN, using the Setup menu, before attempting to use this wizard. The problem with this error message is that the only way to associate a CE with a VPN is by creating a Service Request on the CE. This association cannot be done through the Setup menu, and therefore the above error message is not accurate. Workaround: Create a Service Request for the CE before monitoring its SLA performance. CSCds01408 - GUI hangs after clicking Next in confirm window of Service Request wizard The GUI hangs intermittently just after clicking the Next button in the confirm window of the add/modify Service Request wizard. The GUI function is usually restored after approximately 3-4 minutes. There is no set procedure to reproduce it, although it only occurs when completing the add/modify Service Request wizard. Workaround: When this problem is observed, allow 3-4 minutes for the GUI functionality to return. CSCds05224 - Service Request State Change Report misses Deployed state change Service Request State Change Report does not report that the Service Request went into the Deployed State.
22
78-10944-01
CSCds05278 - State History for Web reports not working The State History button does not Display reports for the Web interface reports, for Service Request Detail Report for SR<#>. CSCds09827 - Import router configuration files is not working Importing of router configuration from files through collect router configuration task is not working. Workaround: Create targets using the Setup > Create Targets from Router Configurations menu.
Collection
CSCdm85646 - The wdclient restart all command fails to restart servers The wdclient restart all command fails to restart all servers reliably. One or more servers might fail to come up after the restart attempt. Workaround: To restart all servers, use the stopwd -y and startwd commands instead. CSCdm89943 - Need to handle Gigabit Switch Router (GSR) V5 NetFlow output format Accounting uses the NetFlow V5 exported data for traffic analysis. However, the NetFlow V5 data export did not support GSR as the PE router. Therefore, for the current FCS release, accounting does not support GSR as the PE router. Workaround: Do not use GSR as the PE router. CSCdp07809 - NetFlow can not map to subinterface for FastEthernet and High-Speed Serial Interface (HSSI) If the connection between the PE and CE is through a subinterface of FastEthernet or HSSI type, Accounting drops the traffic through this link. The current IOS does not populate the subinterface information to the MIB. Workaround: None. CSCdp11889 - Verify collect report for collections should reflect current set The verify collect report for collections does not reflect the currently possible collections. This report should be ignored. CSCdp54370 - Bypassing login is invalid if no password is configured Currently, the collection engine requires the router to be configured with a login password. The collection fails if the router is configured to by-pass the login. Workaround: Configure the router to require a password to log in. CSCdp76580 - Empty reports may result from a mismatch of time zones between the Repository and the system If a repository containing accounting data is moved to another system in a different time zone or the time zone on the system where the data was collected is changed, the reports are empty or incorrect when viewed. Workaround: Set the time zone of the system on which you wish to view the accounting reports to be the same as the time zone in which they were collected. Also, the time zone of the NetFlow collector system must be the same as the time zone of the system on which accounting collection tasks are run.
23
CSCdp95654 - Problem with current CAR aggregation The aggregation code currently assumes that the if the value collected is smaller than the prior collection (say packet count or KByte count), that the counters have wrapped. This does not take into consideration the possibility of counters being cleared or a router rebooting. Workaround: None. CSCdr15295 - Memory leak in Aggregator Server The memory requirements for the Aggregator Server increases over time. Workaround: Reboot server. Enter: wdclient restart aggregator. CSCdr23104 - SLA task is not supplying/forwarding error information to the web browser In the web browser, an SLA task reports that the task succeeded, when it actually failed. The error can be viewed in the error logs from the web browser. Workaround: View error logs for problems, even though none are reported. CSCdr34322 - Some APIs in DCDirectory module are not supported Some APIs in the DCDirectory module can throw exceptions under certain conditions. There is no way to fix it without changing the IDL to explicitly throw an exception or to indicate that the returned object is invalid. The APIs are the following: Interface Name API - Target ownerMediator(); Nsm localMediator(); Mediator localNsm(); Mediator backupMediator(); DirectoryManager nsm(in long nsmId); DirectoryManager mediator(in long mediatorId); DirectoryManager target(in long targetId); DirectoryManager targetByMachineDomainNetworkAndRole (...) Workaround: The client code should catch the exceptions that might be thrown. CSCdr41598 - Task Log reports wrong status for SA Agent collection task The problems are: a) An SA Agent collection task fails if it is executed on a machine other than the one it was created on. b) SA Agent collection tasks are always reported as having completed successfully, regardless of any errors that might have occurred during their execution. Workarounds: a) When using a Repository that was created on a different machine, be sure to re-create any SA Agent collection tasks that were defined on the other machine b) To determine the actual status of an SA Agent collection task, you need to do the following: 1) Click on the Log link for the corresponding task entry in the Task Log. 2) Click on the first action's link in the lower left panel. 3) Click on the Errors link in the lower right panel. This displays the errors, if any, that occurred during the execution of the task. CSCdr44432 - Need to dynamically assign Tibco number for customers If multiple instances of VPN SC are running on the same network and they all use the default Tibco port number (7500), each instance receives notification of events occurring in the other instances. This could cause confusion and errors. Workaround: If you need to install multiple copies of VPN SC, be sure to specify a unique Tibco port number for each one during the installation process.
24
78-10944-01
CSCdr49972 - Exception occurring in EventGateway server When the Watchdog is brought down and then immediately restarted, a problem involving Orbix permissions occurs in the EventGateway server. This prevents the Watchdog from being able to register itself properly with the orb. Workaround: Please note that if you let one minute elapse between stopping the watchdog and restarting it, the likelihood of this problem occurring is greatly reduced. However, once the watchdog has reported that it is unable to register itself, the only workaround is to stop the watchdog, kill Orbix, and then restart Orbix and the watchdog again. CSCdr54144 - Scheduled tasks are intermittently not run by the Scheduler Intermittently, a scheduled task will not be run by the Scheduler. Workaround: Reschedule the task. CSCdr68586 - vpnconsole displays memory leak, while provisioning The vpnconsole seems to consume memory as provisioning a task progresses. Workaround: the amount of memory leak increases during provisioning seems small and have not caused any problems in the past. If the memory leak increase gets too big, restart vpnconsole (just the GUI) to clean up the leaking memory. CSCdr77496 - Task log reports need to wrap long text lines Long lines of text being displayed in the task logs may be grayed out. Workaround: None. CSCdr86087 - Watchdog event subject are not correct to the specification Watchdog event subject name missing m1. Workaround: Look for subject "cisco.vpnsc.watchdog.XXX" instead of "cisco.vpnsc.watchdog.m1.XXX" CSCdr94226 - MIB2 task does not run when a target name has trailing spaces MIB2 stat.task returns Status Unknown in task logs, and does not appear to run. Workaround: There is probably a target in the collection that has a trailing space. Remove the trailing spaces. Also, rebooting the watchdog gets the task to run, but it fails individually for the target with trailing spaces. CSCds01730 - Memory leak when multiple versions of wdgui are open at the same time VPN Console GUI operates very slowly or sluggishly after numerous users have been logged in over a period of a few days. Using this much resource is causing problems. Workaround: Open only one wdgui at a time, preferably only when logged in as "Admin". CSCds05275 - CAR MIB task reports successful completion when there are errors Collect CAR MIB data task fails but reports that it completed successfully. Workaround: View error logs. CSCds07506 - CAR report displays some values in bytes instead of Kbytes CAR data values are displayed in bytes instead of Kbytes, for at least a days worth of collections. Workaround: After a period of collecting, the values are displayed correctly.
25
CSCds12735 - Watchdog_perf server rebooting periodically, with perfmonitor=true Watchdog_perf server rebooting periodically. Workaround: PerfMonitor tool property is set to "true" in csm.properties file. Set this property to "false" and restart watchdog. CSCds18453 - Accounting data from a Release 1.1 Repository can not be displayed with Release 1.2 NetFlow data collected and made VPN aware under the Release 1.1 code structure can not be viewed with the Release 1.2 code. Data that was previously mapped to the VPN topology is all now classified as Unmapped. Type of Service (ToS) traffic that was applied to the appropriate classification is now all listed as Class 4 Out of Contract, Worst Class. All other reports that map traffic to end points or PEs are empty. Workaround: None.
API
CSCdm80601 - Module CiscoVPNServiceRequest In the Provisioning CORBA API, the module CiscoVPNServiceRequest is not needed. This module can be safely removed and all references to it. CSCdp10956 - VsmSRCreator:setPEPortReservationOnly() does not work The CiscoVsmSRCreator::VsmVPNConnectivityCreator::setPEPortReservationOnly() operation is FOR FUTURE USE. CSCdp22355 - CiscoAcctMonitor: need to clean up IDL files References to obsolete APIs getApplicationNameIndexTable(), getVrfNameIndexTable(), getRdNameIndexTable() are found in the IDL. Also the string "AcctManger" (spelled incorrectly) should be removed from the IDL. Even correctly spelled it would need to be removed. AcctManager is now called AcctMonitor. CSCdp69441 - Need new API to unset maximum AS occurrence in path Once you have called VsmVPNConnectivityCreator::setMaxASOccurrenceInPath() on a Service Request, there is currently no mechanism to undo this. That is, you can change the value of max. AS occurrence in the path, but you can not unset it. Workaround: Remove the Service Request. Create a new Service Request without calling setMaxASOccurrenceInPath() and deploy the new Service Request. CSCdp70476 - There is no CORBA API to unset import/export map and maximum routes There is currently no mechanism through the API to do the following:
1. 2. 3.
Remove an import map already set in an existing Service Request. Remove an export map already set in an existing Service Request. Undo the setMaxRoutes() API call.
Workaround: Remove the Service Request. Create a new one without the import/export map and without calling setMaxRoutes(). Then redeploy the new Service Request.
26
78-10944-01
CSCdp71973 - Need API to remove CoS profile from an existing SRVC There is currently no mechanism to remove a CoS profile from an existing Service Request. That is, if you have an existing Service Request that is associated with a CoS profile, say profileX, you are not able to remove profileX from the Service Request through the API. Workaround: Remove the existing Service Request. Create a new one without the CoS profile, and deploy the new request. CSCdp96508 - Memory Cleanup function in VpnInvMgr Interface The memory cleanup function in VpnInvMgr is not working correctly. Workaround: Client programs need to free all objects allocated from the CORBA server. CSCdp96865 - createImportRouterConfigTask() check dirPath & network validation TaskFactory::createImportRouterConfigTask(String taskName, String dirPath, String network) The task server does not complain when the dirPath and network are invalid. Workaround: Do the checking in the client code. The following is the sample code that can be added into the client code: File dirPath = new File("<dir that contains config files>"); if(!path.exists()) { System.out.println("<dirName> does not exist"); System.exit(1); } String [] networks = null; Vector netVector = new Vector(); DirectoryManager dirMgr //connect to dir mgr here networks = dirMgr.networks(); for(int i = 0; i < networks.length; ++i) { System.out.println("Adding network: " + networks[i]); netVector.addElement(networks[i]); } String network = "<networkName>"; if(!netVector.contains(network)) { System.out.println(network + " does not exist"); System.exit(1); } CSCdp97442 - Task server should do range checking for hr, min, and sec TaskScheduledTask::setEarliestStartTime() and TaskScheduledTask::setLatestStartTime() do not do range checking for hour, minute, and second. For example, when setting the earliest time to be 2/29/2000 12:23:70 or 2/29/2000 12:-3:20, there is no error msg. Instead, the scheduler translates 2/29/2000 12:23:70 to 2/29/2000 12:24:10, which is OK. But 2/29/2000 12:-3:20 translates to 4/29/2000, which may not be intended. Workaround: The client can add the range (0~59) checking code for hour, minute, and second in client code to ensure the time settings are correct. CSCdr24652 - Task Log can not be viewed if the task name has spaces If a task is defined with spaces in its name, that task does not appear in the Task Log. Workaround: Ensure that task names do not contain spaces, for example: by using underscores, by using a capital letter to start each word in a multi-word name, and so on. CSCdr44272 - Wrong error code returns when an error occurs on VPN Inventory Repository The operation addToRep() in the module CiscoVsmFWCreator returns a wrong errCode (errCode: 0) when trying to add invalid objects into the VPN Inventory Repository.
27
CSCdr58328 - Changing Repository being used by command line now requires restarting Orbix If you attempt to change the Repository being used by the command line without stopping both the Orbix and the watchdog processes, the watchdog process fails to register itself with the CORBA ORB and the following message occurs: The watchdog has not yet registered itself with the CORBA ORB. There may have been a problem during startup. The watchdog's log may contain information about why this occurred: /usr/users/vpn/vpn1.2api-20000605.00/vpn/tmp/wdlog Workaround: After this message, stop the watchdog process and kill the Orbix and nameserver process spawned by it. Then restart all processes. Watchdog should properly register. CSCdr68089 - CiscoEventGateway.idl: IDL code is not CORBA compliant The following struct is from the <CmdArg>CiscoEventGateway.idl<noCmdArg> file and is a new addition in Cisco VPN Solutions Center: MPLS Solution, Release 1.2: struct Event { string subject; Msg msg; }; The IDL grammar states that no two namespaces can differ only on the basis of case. In this struct, both Msg and <CmdArg>msg<noCmdArg> occupy the same namespace according to the IDL grammar, which supports IDL mapping to traditionally-all-uppercase COBOL. Workaround: The Orbix and OrbixWeb IDL compilers do not enforce this part of the IDL, so this is not an issue for those customers using the suggested Iona CORBA implementations and corresponding IDL compilers. However, this may pose a problem for customers using an IDL compiler from another vendor. If this is the case, contact customer support for your IDL vendor, and ask how to disable this grammar-checking feature or enable case-sensitive namespace support. CSCdr71204 - Catch CORBA exception when remove CoS profile from vi rep When the API CiscoVpnServiceModel::VpnInvMgr.removeCoSProfileFromRep() is called, the following CORBA API is caught: org.omg.CORBA.NO_PERMISSION: remote exception - No permission for attempted operation. The server '(unknown)' can only be launched persistently. Workaround: Ignore. CSCdr75731 - NonCORBA-compliant struct in CiscoSlaMonitor.idl file The following struct is from the <CmdArg>CiscoSlaMonitor.idl<noCmdArg> file and is a new addition in Cisco VPN Solutions Center: MPLS Solution, Release 1.2: struct SAAEntry { SlaId id; long protocol; TimeStamp timeStamp; ProtocolDataUnion protocolData; }; The IDL grammar states that no two namespaces can differ only on the basis of case. In this struct, both TimeStamp and <CmdArg>timeStamp<noCmdArg> occupy the same namespace according to the IDL grammar, which supports IDL mapping to traditionally-all-uppercase COBOL. Workaround: The Orbix and OrbixWeb IDL compilers do not enforce this part of the IDL, so this is not an issue for those customers using the suggested Iona CORBA implementations and corresponding IDL compilers. However, this may pose a problem for customers using an IDL compiler from another vendor. If this is the case, contact customer support for your IDL vendor, and ask how to disable this grammar-checking feature or enable case-sensitive namespace support.
28
78-10944-01
CSCdr77121 - Invalid datatype (VsmRTSeed) used on getAllRTSeeds(), freeRT() operation The APIs involved are: freeRT(in VsmRTSeed rt) operation: the format of the input parameter is like: "100:1". VsmRTSeedSeq getAllRTSeeds(): the format of the return value is like: "100:(1+9)". VsmRTSeedSeq getAllFreeRTs() the format of the return value is like: "100:2". VsmRTSeed getNextRT(): the format of the return value is like: "100:2". void removeRTSeed(VsmRTSeed rt) the format of the input parameter is like: 100 The same thing for RD Seeds. CSCdr88407 - Error in VpnInvImport Tool If the input file to the import tool has an individual IP specified as the address pool, an error is flagged. Workaround: Modify the Region's address pool in the input file so that it represents a pool and not an individual address. CSCdr92324 - ServiceProvider1_grey_mgmt_vpn should not be allowed to create VPN name should not contain the suffix "_grey_mgmt_vpn", that is, "ServiceProvider1_grey_mgmt_vpn". This suffix is reserved for naming grey management VPNs. Workaround: Do not use suffix "_grey_mgmt_vpn" when creating VPNs. CSCdr93908 - VsmPECreator:No error checking for Telnet timeout/retries The APIs CiscoVsmFWCreator::VsmPECreator::setTelnetTimeOut(in unsigned long timeOut) and CiscoVsmFWCreator::VsmPECreator::setTelnetRetries(in unsigned short retries) do not do any range checking for the input parameters timeOut and retries respectively. API users have to do their own checking for the legal range 1 - 60 for both these parameters. CSCdr94129 - Deleting Provider Administrative Domain has different behaviors on GUI and API operation When deleting the specified Provider Administrative Domain, GUI has a different behavior from the APIs operation on the following test case: Create a Provider Administrative Domain and assign some regions to it. For all of these regions, however, neither PEs nor IP address Pools are assigned to any of them. The result is that you can delete the Provider Administrative Domain from the GUI side even though there are still some regions corresponding to it. However when doing this through the API, calling the operation "removeProviderAdminDomainFromRep()" generates an error message: There are region(s) dependent on this provider admin domain record! It is expected that the GUI and the API behavior should be the same.
29
CSCds00434 - Unsynchronized behavior of GUI and API for SLA Task Creation Start with a clean Repository and then create a framework. At this stage, no service request is created. Then use the menu task bar, Monitoring > Provision SLA Definitions and Collect SLA Data to create and schedule an SLA. An error message results: There are no SA Agent customer edge (CE) routers associated with a VPN. Please associate at least one SA Agent customer edge (CE) router with a VPN, using the Setup menu, before attempting to use this wizard. The API behavior is as follows. API used: CiscoTaskFactory.createGetSlaDataTask(String taskName, String inputFile). The task can be created and scheduled without getting any error message. But the task is not executed forever. This is not the right behavior. Workaround: Make sure that there is a Service Request created for the CE that you want to monitor the SLA performance. CSCds04218 - First interface name is blank VpnInvExported file The first interface is blank in the <VsmPE> block. Workaround: None. CSCds08139 - VpnInvImport should give proper error message when required data is missing The VpnInvImport tool is not generating the proper error message when some of the mandatory fields in the input file are set to null or invalid. Workaround: None. CSCds08824 - VsmSRCreator:For Cable:Need to make setCEInterfaceAddress optional CiscoVsmSRCreator::VsmVPNConnectivityCreator::setCEInterfaceAddress() is a mandatory call for VsmInterfaceType:Cable, even if the address is not required. Workaround: Provide an IP address that will be ignored anyway while provisioning. CSCds10071 - VpnInvImport is not working when InterfaceType is set to Cable VpnInvImport is not working when the input file contains a Service Request created with PEInterfaceType & CeInterfaceType as Cable. Workaround: None. CSCds10122 - VpnInvExport is not exporting all the interfaces of a target VpnInvExport does not export all the interfaces available on a particular target. Workaround: None. CSCds11915 - VpnInvImport does not accept Route Target value with an IP address VpnInvImport does not accept Route Target values with an IP address while creating a CERC. Workaround: None. CSCds11962 - VpnInvImport does not import VRFDef for Grey-Management VPN VpnInvImport does not import the VRFDef with grey-management VPNs. Workaround: None.
30
78-10944-01
Cisco Connection Online
Other
CSCdp06576 - Hardwired path in Repository When changing the location of the Repository, make sure old tasks are deleted. These tasks may still refer to the old repository location. CSCdp62940 - Printing Data Summary report in PS takes large amount of resources Printing a report makes the GUI behave sluggishly or hangs it for a period of time. Workaround: Do not try to print reports containing large data sets using the PS option. Instead, print to a text or HTML file and then open this file in a browser. CSCdp63081 - Print of Data Summary report using TXT option has poor formatting Format of printed Data Summary report needs to be enhanced. CSCdr54951 - Collect configuration files did not collect configuration files Under certain conditions (currently unknown), a configuration collect task reports that none of the specified devices need collection, and it therefore does not collect from any of them. Workaround: None. Note that this behavior is expected and normal when devices are smart-collected, that is, registered for config-change traps. It might help to set the collect cycle time property, namely netsys.datacollector.cct.cycle_t, to a value smaller than your collection frequency. CSCdr72168 - Version 1.1 patch 3 installation causes the httpd to die This bug only affects version 1.1 patch3 for this customer only. CSCdr87449 - VPNSC: rep.list does not like the symbolic link: misc. errors The rep.list must always point to a full path and not to a path that contains a symbolic. Otherwise, the trapcatcher contains this error: !!! PROGRAMMER/USER error: -24 attempt to access unlocked set/record C errno = 0 C errno = 0 !!! and the trapcatcher generation count is high. Workaround: Restore the Repository from the GUI so that the rep.list points to the full path.
Cisco Connection Online

Cisco Connection Online (CCO) is Cisco Systems primary, real-time support channel. Maintenance customers and partners can self-register on CCO to obtain additional information and services. Available 24 hours a day, 7 days a week, CCO provides a wealth of standard and value-added services to Ciscos customers and business partners. CCO services include product information, product documentation, software updates, release notes, technical tips, the Bug Navigator, configuration notes, brochures, descriptions of service offerings, and download access to public and authorized files. CCO serves a wide variety of users through two interfaces that are updated and enhanced simultaneously: a character-based version and a multimedia version that resides on the World Wide Web (WWW). The character-based CCO supports Zmodem, Kermit, Xmodem, FTP, and Internet e-mail, and it is excellent for quick access to information over lower bandwidths. The WWW version of CCO provides richly formatted documents with photographs, figures, graphics, and video, as well as hyperlinks to related information. You can access CCO in the following ways:

WWW: http://www.cisco.com WWW: http://www-europe.cisco.com WWW: http://www-china.cisco.com
31
Documentation CD-ROM
Telnet: cco.cisco.com Modem: From North America, 408 526-8070; from Europe, 33 1 64 46 40 82. Use the following terminal settings: VT100 emulation; databits: 8; parity: none; stop bits: 1; and connection rates up to 28.8 kbps.
For a copy of CCOs Frequently Asked Questions (FAQ), contact cco-help@cisco.com. For additional information, contact cco-team@cisco.com.
Documentation CD-ROM
The Documentation CD-ROM, a member of the Cisco Connection Family, is updated monthly. Therefore, it might be more current than printed documentation. To order additional copies of the Documentation CD-ROM, contact your local sales representative or call customer service. The CD-ROM package is available as a single package or as an annual subscription. You can also access Cisco documentation on the World Wide Web at http://www.cisco.com, http://www-china.cisco.com, or http://www-europe.cisco.com. If you are reading Cisco product documentation on the World Wide Web, you can submit comments electronically. Click Feedback in the toolbar and select Documentation. After you complete the form, click Submit to send it to Cisco. We appreciate your comments.
This document is to be used in conjunction with the Cisco VPN Solutions Center: MPLS Solution publications. Access Registrar, AccessPath, Are You Ready, ATM Director, Browse with Me, CCDA, CCDE, CCDP, CCIE, CCNA, CCNP, CCSI, CD-PAC, CiscoLink, the Cisco NetWorks logo, the Cisco Powered Network logo, Cisco Systems Networking Academy, Fast Step, FireRunner, Follow Me Browsing, FormShare, GigaStack, IGX, Intelligence in the Optical Core, Internet Quotient, IP/VC, iQ Breakthrough, iQ Expertise, iQ FastTrack, iQuick Study, iQ Readiness Scorecard, The iQ Logo, Kernel Proxy, MGX, Natural Network Viewer, Network Registrar, the Networkers logo, Packet, PIX, Point and Click Internetworking, Policy Builder, RateMUX, ReyMaster, ReyView, ScriptShare, Secure Script, Shop with Me, SlideCast, SMARTnet, SVX, TrafficDirector, TransPath, VlanDirector, Voice LAN, Wavelength Router, Workgroup Director, and Workgroup Stack are trademarks of Cisco Systems, Inc.; Changing the Way We Work, Live, Play, and Learn, Empowering the Internet Generation, are service marks of Cisco Systems, Inc.; and Aironet, ASIST, BPX, Catalyst, Cisco, the Cisco Certified Internetwork Expert Logo, Cisco IOS, the Cisco IOS logo, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Collision Free, Enterprise/Solver, EtherChannel, EtherSwitch, FastHub, FastLink, FastPAD, IOS, IP/TV, IPX, LightStream, LightSwitch, MICA, NetRanger, Post-Routing, Pre-Routing, Registrar, StrataView Plus, Stratm, SwitchProbe, TeleRouter, are registered trademarks of Cisco Systems, Inc. or its affiliates in the U.S. and certain other countries. All other brands, names, or trademarks mentioned in this document/website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any of its resellers. (0008R) Copyright 2000, Cisco Systems, Inc. All rights reserved.
32
78-10944-01

MPLS VPN

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

MPLS VPN

Încărcat de

Drepturi de autor:

Formate disponibile

Release Notes for Cisco VPN Solutions Center: MPLS Solution 1.

Copyright 2000. Cisco Systems, Inc. All rights reserved.

Materials Included in Packaging

Materials Included in Packaging

What Is New in Release 1.2 of MPLS VPN Solution

What Is New in Release 1.2 of MPLS VPN Solution

What Is New in Release 1.2 of MPLS VPN Solution

API Programmer Guide Documentation Road Map

API Programmer Guide

Documentation Road Map

Event Subscription Service

What Is New in Release 1.2 of MPLS VPN Solution

Find Customer Site Find VPN.

Formatting of Error Logs for Programmatic Parsing

Interface Statistics Collection for Cisco Routers

Boolean Switch Additions

Cable Interface Support

What Is New in Release 1.2 of MPLS VPN Solution

CE and PE Subinterfaces Configurable with Frame Relay IETF Encapsulation

uBR 7246 (cable) Cisco 6400-Network Route Processor (NRP) as a PE.

Local Management Interface (LMI) Type Selection

Routing Protocol Addition (OSPF)

Unique Route Distinguisher Assignment Across PEs

VRF and RD Assignment Manually Overridden

Task Name and Network Name Enhancements

View Data Report

By Device By Network By Dataset Type (with numerous choices).

XML Formatted Reports

MPLS VPN Solution System Recommendations

For the workstation recommendations, see Table 1.

Number of CEs Up to 500 500 to 1,500

Disk Space 20+ GB 20+ GB 20+ GB

1,500 to more than 3,000 Enterprise 450 (4 CPUs)

Solaris 2.6 with recommended patches.

CD-ROM drive. The product is installed from a CD-ROM.

Cisco IP Manager (CIPM) (Lite) Version 2 Recommendations

Time Zones for NetFlow Collection

Other System Recommendations

Web Browser: Netscape 4.5 or later is recommended.

Time Zones for NetFlow Collection

Task API Usage: TaskFactory::createGetSLAData() Operation

API, page 12 Other, page 12.

Graphical User Interface

Graphical User Interface

Cisco Connection Online

Cisco Connection Online

WWW: http://www.cisco.com WWW: http://www-europe.cisco.com WWW: http://www-china.cisco.com

S-ar putea să vă placă și